Top 2016 Data Breaches and Data Thefts in India

Data Theft or Data Breach, as quoted by TechTarget is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Going Digital, a lot of Data from India, either from private sector or Government is digitized, stored online and protection from data breaches stands a challenge.

Here is a list of a few Data Breaches from India happened in 2016.

The Largest Data Breach in India of Civil Supplies Department, Government of Kerala

One of the biggest hack on government website in India, a highly sensitive data of 34 Million citizens of State of Kerala got leaked through a portal of its Civil Supplies Department.

This hack was carried out by Indian hacker who lives in Tokyo, Japan. As per the article of HackersNewsLab, The attacker informed and warned the officials of National Informatics Center (NIC), who maintained the portal, but they ignored after which he decided to post the data openly in social media post.

As the attacker claimed, there was no security maintained for the data as he could fetch all information by just changing the random values. Nobody cared to suspect as he made 34 Million request from the same address during a week’s time.

This incident showed how government did not cared for their citizen’s data.

Attempt to Data Breach RedBus

Indian popular start-up and now go-ibibo owned online travel booking giant RedBus reported that it had faced a Cyber Attack that might have exposed the email addresses of some of its customers. They concluded with none of their user’s passwords were shared but a few user’s email addresses might have leaked as a server which stored logs was compromised.

RedBus later assured that the passwords are hashed in database and no data was compromised from databases except the compromised server which was moved to private network for more security.

Mylloyd Data Breach

In an informal post on a hacker forum, dubbed as SonySpooks, hacked and dumped credentials of over 30,000 users of a well known electrical appliance manufacture Lloyd’s web interface mylloyd.com. Though it not officially accepted or reported, HackInclude Team was able to search the dumped database posted by the hacker.
Giant companies and brands who keep records online or have a facility for their users should keep auditing their web applications and portals time to time. Which can not turn into a bulk of precious customer data being stolen. This type of attack might turn out to be a damage to customer trust.